Hi,
For ROOT and .com zones only KSK is used for DNSKEY RR set signing whereas
comcast.com DNSKEY RR set is signed by both KSK and ZSK.
Best regards,
Maciej Andziński
----- Oryginalna wiadomość -----
> Dear friends:
> When the resolver sends the DNSKEY RR query, irrespecitve of keyrollover
> period, I think the response message should reply a KSK, a ZSK and a
> RRSIG(DNSKEY). However, when I capture the package with tcpdump, the
> response message is unanticipated.
> I get the response with one KSK, two ZSKs and one RRSIG(DNSKEY)while we send
> DNSKEY RR query to root.
> For example,
> I get the response with one KSK, one ZSKs and one RRSIG(DNSKEY)while we send
> DNSKEY RR query to com zone.
> For example,
> I get the response with one KSK, one ZSKs and two RRSIG(DNSKEY)while we send
> DNSKEY RR query to comcast.com zone.
> For example,
> .
> So, my question is that what is the exact result of DNSKEY RR query, how I
> calculate their message size?
> scottjiang1...@hotmail.com
> _______________________________________________
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
